Rx3/network_tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

- First commit of the new version!

Browse Source
This commit is contained in:
Arnaud G. GIBERT
2025-06-23 11:34:42 +02:00
parent 218b34a909
commit 7efd2f514c
5 changed files with 1922 additions and 800 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
usr/local/lib/default.bash Normal file
View File

@@ -0,0 +1,239 @@
#!/bin/bash
if [[ "${DEFAULT_BASH}" != "" ]]
then
return
else
declare -g DEFAULT_BASH=1
fi
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
# Default Options
#-----------------------------------------------------------------------------------------------------------------------------------
shopt -s extglob
# Print Version
#-----------------------------------------------------------------------------------------------------------------------------------
version_print()
{
echo "$VERSION" | sed -e 's/.*: //' -e 's/-/ /' -e 's/_/\./g' -e 's/\$$//'
}
# Prin Help
#-----------------------------------------------------------------------------------------------------------------------------------
help_print()
{
echo "${NAME} ${HELP}"
}
# Quote Str
#-----------------------------------------------------------------------------------------------------------------------------------
quote_str()
{
local quoted=${1//\'/\'\\\'\'}
printf "'%s'" "$quoted"
}
# Escape Str
#-----------------------------------------------------------------------------------------------------------------------------------
escape_str()
{
echo "$*" | sed -e "s/\"/\\\\\"/g"
}
# Line Echo
#-----------------------------------------------------------------------------------------------------------------------------------
line_echo()
{
string="$1"
count="$2"
echo -en "\e[2K\r"
if [[ "${count}" != "" ]]
then
printf "%05d: %s" "${count}"
echo -en "${string}"
fi
}
# Err Echo
#-----------------------------------------------------------------------------------------------------------------------------------
err_echo()
{
echo "$@" 1>&2
}
# Exec CMD
#-----------------------------------------------------------------------------------------------------------------------------------
exec_cmd()
{
cmd="$1"
if [[ "${verbose}" == "true" ]]
then
echo "${cmd}" 1>&2
fi
if [[ "${dry_run}" != "true" ]]
then
eval "${cmd}"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# tab_assign
#--------------------------------------------------------------------------------------------------------------------------
tab_assign()
{
declare -n ta_tab=$1
ta_key=$2
ta_value=$3
if [[ "${ta_value}" == "-" ]]
then
ta_value=""
fi
ta_tab[${ta_key}]="${ta_value}"
}
#--------------------------------------------------------------------------------------------------------------------------
# var_assign
#--------------------------------------------------------------------------------------------------------------------------
var_assign()
{
declare -n va_var=$1
va_value=$2
va_mode=$3
if [[ "${va_value}" == "-" ]]
then
va_value=""
fi
if [[ "${va_mode}" == "INC" ]]
then
va_var="${va_var} ${va_value}"
else
va_var="${va_value}"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# file_lock
#--------------------------------------------------------------------------------------------------------------------------
file_lock()
{
fl_file="$1"
fl_mode="$2"
fl_desc="$3"
if [[ ( "${fl_mode}" == "EXCLUSIVE" ) || ( "${fl_mode}" == "WRITE" ) ]]
then
fl_flag="-x"
else
fl_flag="-s"
fi
if [[ "${fl_desc}" == "" ]]
then
fl_desc="9"
fi
eval "exec ${fl_desc}<>\"\${fl_file}\""
if ! flock ${fl_flag} -w 5 ${fl_desc}
then
err_echo "Failed to acquire read lock on: [${file}]"
exit 1
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# file_unlock
#--------------------------------------------------------------------------------------------------------------------------
file_unlock()
{
fu_desc="$1"
if [[ "${fu_desc}" == "" ]]
then
fu_desc="9"
fi
eval "exec ${fl_desc}<&-"
eval "exec ${fl_desc}>&-"
}

258
usr/local/lib/dns.bash Normal file
View File

@@ -0,0 +1,258 @@
#!/bin/bash
if [[ "${DNS_BASH}" != "" ]]
then
return
else
declare -g DNS_BASH=1
fi
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/global/lib/default.bash
#[ -e /var/cache/dns.cache ] && . /var/cache/dns.cache
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
declare -Ag DNS_A_TAB
declare -g DNS_A_ID_LIST
declare -Ag DNS_PTR_TAB
declare -g DNS_PTR_ID_LIST
declare -g DNS_CACHE_FILE="/var/cache/dns.cache"
declare -g DNS_CACHE_LOCK="/var/lock/network/dns.lock"
#declare -g DNS_CACHE_LOCK="${DNS_CACHE_FILE}"
declare -g DNS_CACHE_UPDATED=0
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_load
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_load()
{
file_lock "${DNS_CACHE_LOCK}" READ 9
if [[ ( -e "${DNS_CACHE_FILE}" ) && ( "${NETWORK_CONFIG_FILE}" -ot "${DNS_CACHE_FILE}" ) ]]
then
${LOG} 1>&2 "DNS: Read CacheFile"
while IFS= read -r line
do
line=${line%%#*}
if [[ ! -z "$line" ]]
then
set ${line}
dtl_type="$1"
dtl_key="$2"
dtl_value="$3"
dns_tab_put ${dtl_type} "${dtl_key}" "${dtl_value}"
fi
done < ${DNS_CACHE_FILE}
else
${LOG} 1>&2 "DNS: Init CacheFile"
>${DNS_CACHE_FILE}
fi
file_unlock 9
DNS_CACHE_UPDATED=0
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_save
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_save()
{
if [[ "${DNS_CACHE_UPDATED}" != "0" ]]
then
file_lock "${DNS_CACHE_LOCK}" WRITE 9
${LOG} 1>&2 "DNS: Write CacheFile"
(
for key in "${!DNS_A_TAB[@]}"
do
echo "A ${key} ${DNS_A_TAB[${key}]}"
done
for key in "${!DNS_PTR_TAB[@]}"
do
echo "PTR ${key} ${DNS_PTR_TAB[${key}]}"
done
) | sort -n >${DNS_CACHE_FILE}
file_unlock 9
DNS_CACHE_UPDATED=0
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_get
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_get()
{
dns_type="$1"
dns_key="$2"
case ${dns_type}
in
"A")
if [[ -v DNS_A_TAB["${dns_key}"] ]]
then
dns_value="${DNS_A_TAB["${dns_key}"]}"
else
${LOG} "DNS: Lookup failed: Type: [${dns_type}] Key: [${dns_key}]"
return 1
fi
;;
"PTR")
if [[ -v DNS_PTR_TAB["${dns_key}"] ]]
then
dns_value="${DNS_PTR_TAB["${dns_key}"]}"
else
${LOG} "DNS: Lookup failed: Type: [${dns_type}] Key: [${dns_key}]"
return 1
fi
;;
esac
${LOG} "DNS: Lookup succeed: Type: [${dns_type}] Key: [${dns_key}] Value: [${dns_value}]"
return 0
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_put
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_put()
{
dtp_type="$1"
dtp_key="$2"
dtp_value="$3"
${LOG} 1>&2 "DNS: Update cache entry: Type: [${dtp_type}] Key: [${dtp_key}] Value: [${dtp_value}]"
var_assign DNS_${dtp_type}_ID_LIST "${dtp_key}" INC
tab_assign DNS_${dtp_type}_TAB "${dtp_key}" "${dtp_value}"
DNS_CACHE_UPDATED=1
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_lookup
#--------------------------------------------------------------------------------------------------------------------------
dns_lookup()
{
dl_type="$1"
dl_key="$2"
dl_flag="$3"
if [[ "${dl_flag}" != "NOCACHE" ]]
then
dns_tab_get ${dl_type} ${dl_key}
else
false
fi
if [[ "$?" != "0" ]]
then
${LOG} "DNS: Out of Cache: Type: [${dl_type}] Key: [${dl_key}] Flag: [${dl_flag}]"
case ${dl_type}
in
"A")
dns_value="$( dig +short ${dl_key} 2>/dev/null)"
;;
"PTR")
dns_value="$( dig +short -x ${dl_key} 2>/dev/null)"
dns_value="${dns_value%.}"
;;
esac
if [[ "${dl_flag}" != "NOCACHE" ]]
then
dns_tab_put "${dl_type}" "${dl_key}" "${dns_value}"
fi
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_dump
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_dump()
{
echo "DNS_A_ID_LIST: [${DNS_A_ID_LIST}]"
echo
echo "DNS_A_TAB:"
for key in "${!DNS_A_TAB[@]}"
do
echo "[${key}]: [${DNS_A_TAB[${key}]}]"
done | sort -n
echo
echo "DNS_PTR_ID_LIST: [${DNS_PTR_ID_LIST}]"
echo
echo "DNS_PTR_TAB:"
for key in "${!DNS_PTR_TAB[@]}"
do
echo "[${key}]: [${DNS_PTR_TAB[${key}]}]"
done | sort -n
echo
}

692
usr/local/lib/network.bash Normal file
View File

@@ -0,0 +1,692 @@
#!/bin/bash
if [[ "${NETWORK_BASH}" != "" ]]
then
return
fi
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/global/lib/default.bash
. /usr/global/lib/dns.bash
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
declare -g NETWORK_BASH=1
declare -g NETWORK_OPENVPN_STATUS
declare -g NETWORK_SRC_TYPE
declare -Ag NETWORK_SRC_TAB
declare -g NETWORK_SRC_ID_LIST
declare -Ag NETWORK_SRC_IP_IDX
declare -g NETWORK_DST_TYPE
declare -Ag NETWORK_DST_TAB
declare -g NETWORK_DST_ID_LIST
declare -g NETWORK_CONFIG_FILE="/etc/sysconfig/rx3-network"
declare -g NETWORK_CONFIG_LOCK="/var/lock/network/rx3-network"
#declare -g NETWORK_CONFIG_LOCK="${NETWORK_CONFIG_FILE}"
file_lock ${NETWORK_CONFIG_LOCK} READ 9
[ -e "${NETWORK_CONFIG_FILE}" ] && . "${NETWORK_CONFIG_FILE}"
file_unlock 9
if [ ! -v LOG ]
then
LOG=":"
fi
#--------------------------------------------------------------------------------------------------------------------------
# network_common_load
#--------------------------------------------------------------------------------------------------------------------------
network_common_load()
{
NETWORK_OPENVPN_STATUS="$( sudo /usr/local/sbin/openvpn-status)"
NETWORK_TABLE_LIST=""
}
#--------------------------------------------------------------------------------------------------------------------------
# network_common_dump
#--------------------------------------------------------------------------------------------------------------------------
network_common_dump()
{
echo "NETWORK_OPENVPN_STATUS: [${NETWORK_OPENVPN_STATUS}]"
echo
echo "NETWORK_TABLE_LIST: [${NETWORK_TABLE_LIST}]"
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# network_dst_tab_load
#--------------------------------------------------------------------------------------------------------------------------
network_dst_tab_load()
{
ndtl_id=0
while IFS= read -r line
do
line=${line%%#*}
if [[ ! -z "$line" ]]
then
set ${line}
ndtl_name="$1"
ndtl_type="$2"
ndtl_device="$3"
ndtl_config="$4"
ndtl_table="$5"
var_assign NETWORK_DST_ID_LIST "${ndtl_id}" INC
tab_assign NETWORK_DST_TAB "${ndtl_id},Name" "${ndtl_name}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Type" "${ndtl_type}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Device" "${ndtl_device}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Config" "${ndtl_config}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Table" "${ndtl_table}"
var_assign NETWORK_TABLE_LIST "${ndtl_table}" INC
tab_assign NETWORK_DST_TAB "${ndtl_id},Status" "$( ip link show dev ${ndtl_device} 2>/dev/null | grep -q ",UP," && echo 1 || echo 0)"
dns_lookup A vpn${ndtl_id}.vpn.rx3 "NOCACHE"
tab_assign NETWORK_DST_TAB "${ndtl_id},IP" "${dns_value}"
case "${ndtl_type}"
in
"0")
set $(ip -s link show ${ndtl_device} 2>/dev/null ) &>/dev/null
ndtl_bytes_received="$( echo ${27} | numfmt --to=iec-i --suffix=B)"
ndtl_bytes_sent="$( echo ${40} | numfmt --to=iec-i --suffix=B)"
ndtl_uptime=""
;;
"1")
set $( echo "${NETWORK_OPENVPN_STATUS}" | grep ${ndtl_device}) &>/dev/null
# i=1; while [[ $i -lt 50 ]]; do eval "val=\${$i}"; echo "($i):[${val}]" 1>&2; i=$(( $i + 1)); done
ndtl_bytes_received="$( echo ${18/bytes,} | numfmt --to=iec-i --suffix=B)"
ndtl_bytes_sent="$( echo ${22/bytes,} | numfmt --to=iec-i --suffix=B)"
ndtl_start_date="$( grep "ext-client-${ndtl_device}.conf" /var/log/rx3-vpn.status 2>/dev/null | sed -e "s/.*Date: \[//" -e "s/\].*//")"
if [[ "${ndtl_start_date}" == "" ]]
then
ndtl_uptime=""
else
ndtl_uptime=$( echo "$(($(date +%s) - $(date -d "${ndtl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
fi
;;
esac
tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Received" "${ndtl_bytes_received}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Sent" "${ndtl_bytes_sent}"
tab_assign NETWORK_DST_TAB "${ndtl_id},Uptime" "${ndtl_uptime}"
ndtl_id=$(( ${ndtl_id} + 1))
fi
done <<< ${NETWORK_DST_CONFIG}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_dst_tab_get
#--------------------------------------------------------------------------------------------------------------------------
network_dst_tab_get()
{
dst_id="$1"
dst_name=${NETWORK_DST_TAB["${dst_id},Name"]}
dst_type=${NETWORK_DST_TAB["${dst_id},Type"]}
dst_device=${NETWORK_DST_TAB["${dst_id},Device"]}
dst_config=${NETWORK_DST_TAB["${dst_id},Config"]}
dst_table=${NETWORK_DST_TAB["${dst_id},Table"]}
dst_status=${NETWORK_DST_TAB["${dst_id},Status"]}
dst_ip=${NETWORK_DST_TAB["${dst_id},IP"]}
dst_bytes_received=${NETWORK_DST_TAB["${dst_id},Bytes_Received"]}
dst_bytes_sent=${NETWORK_DST_TAB["${dst_id},Bytes_Sent"]}
dst_start_date=${NETWORK_DST_TAB["${dst_id},Start_Date"]}
dst_uptime=${NETWORK_DST_TAB["${dst_id},Uptime"]}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_dst_tab_dump
#--------------------------------------------------------------------------------------------------------------------------
network_dst_tab_dump()
{
echo "NETWORK_DST_ID_LIST: [${NETWORK_DST_ID_LIST}]"
echo
echo "NETWORK_DST_TAB:"
for key in "${!NETWORK_DST_TAB[@]}"
do
echo "[${key}]: [${NETWORK_DST_TAB[${key}]}]"
done | sort -n
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# network_src_tab_load
#--------------------------------------------------------------------------------------------------------------------------
network_src_tab_load()
{
nstl_id=0
nstl_port_default=3000
while IFS= read -r line
do
line=${line%%#*}
if [[ ! -z "$line" ]]
then
set ${line}
nstl_ip="$1"
nstl_type="$2"
nstl_owner="$3"
nstl_table="$4"
nstl_port_start="$5"
nstl_port_range="$6"
if [[ "${nstl_port_start}" == "-" ]]
then
nstl_port_start=${nstl_port_default}
fi
dns_lookup PTR ${nstl_ip}
nstl_name="${dns_value}"
case "${nstl_type}"
in
"0")
nstl_device=""
nstl_status="2"
nstl_bytes_received=""
nstl_bytes_sent=""
nstl_uptime=""
nstl_last_seen=""
;;
"1")
nstl_device="tun0"
nstl_status_line="$( echo "${NETWORK_OPENVPN_STATUS}" | grep "${nstl_device}.log: CLIENT_LIST.*${nstl_ip},")"
if [[ "${nstl_status_line}" == "" ]]
then
nstl_status="0"
nstl_bytes_received=""
nstl_bytes_sent=""
nstl_start_date=""
nstl_uptime=""
nstl_last_seen="$( stat -c "%x" /etc/openvpn/status/${nstl_name}.status 2>/dev/null | sed -e 's/\..*//')"
else
nstl_status="1"
IFS=,
set ${nstl_status_line} &>/dev/null
unset IFS
nstl_bytes_received=$( echo ${6} | numfmt --to=iec-i --suffix=B)
nstl_bytes_sent=$( echo ${7} | numfmt --to=iec-i --suffix=B)
nstl_start_date=${8}
nstl_uptime=$( echo "$(($(date +%s) - $(date -d "${nstl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
nstl_last_seen="$(stat -c "%x" /etc/openvpn/status/${nstl_name}.status 2>/dev/null | sed -e 's/\..*//')"
fi
;;
esac
if [[ " ${NETWORK_TABLE_LIST} " != *" ${nstl_table} "* ]]
then
err_echo "Invalid table number: [${nstl_table}] in network src entry: [${nstl_id}]!"
exit 1
fi
var_assign NETWORK_SRC_ID_LIST "${nstl_id}" INC
tab_assign NETWORK_SRC_TAB "${nstl_id},IP" "${nstl_ip}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Name" "${nstl_name}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Type" "${nstl_type}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Owner" "${nstl_owner}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Table" "${nstl_table}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Start" "${nstl_port_start}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Range" "${nstl_port_range}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Status" "${nstl_status}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Received" "${nstl_bytes_received}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Sent" "${nstl_bytes_sent}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Uptime" "${nstl_uptime}"
tab_assign NETWORK_SRC_TAB "${nstl_id},Last_Seen" "${nstl_last_seen}"
tab_assign NETWORK_SRC_IP_IDX "${nstl_ip}" "${nstl_id}"
nstl_id=$(( ${nstl_id} + 1))
nstl_port_default=$(( ${nstl_port_start} + ${nstl_port_range}))
fi
done <<< ${NETWORK_SRC_CONFIG}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_src_tab_get
#--------------------------------------------------------------------------------------------------------------------------
network_src_tab_get()
{
src_id="$1"
src_ip=${NETWORK_SRC_TAB["${src_id},IP"]}
src_name=${NETWORK_SRC_TAB["${src_id},Name"]}
src_type=${NETWORK_SRC_TAB["${src_id},Type"]}
src_owner=${NETWORK_SRC_TAB["${src_id},Owner"]}
src_table=${NETWORK_SRC_TAB["${src_id},Table"]}
src_port_start=${NETWORK_SRC_TAB["${src_id},Port_Start"]}
src_port_range=${NETWORK_SRC_TAB["${src_id},Port_Range"]}
if [[ "${src_port_range}" != "0" ]]
then
src_port_end=$(( ${src_port_start} + ${src_port_range} - 1))
else
src_port_start=""
src_port_end=""
fi
src_status=${NETWORK_SRC_TAB["${src_id},Status"]}
src_bytes_received=${NETWORK_SRC_TAB["${src_id},Bytes_Received"]}
src_bytes_sent=${NETWORK_SRC_TAB["${src_id},Bytes_Sent"]}
src_start_date=${NETWORK_SRC_TAB["${src_id},Start_Date"]}
src_uptime=${NETWORK_SRC_TAB["${src_id},Uptime"]}
src_last_seen=${NETWORK_SRC_TAB["${src_id},Last_Seen"]}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_src_tab_dump
#--------------------------------------------------------------------------------------------------------------------------
network_src_tab_dump()
{
echo "NETWORK_SRC_ID_LIST: [${NETWORK_SRC_ID_LIST}]"
echo
echo "NETWORK_SRC_IP_IDX:"
for key in "${!NETWORK_SRC_IP_IDX[@]}"
do
echo "[${key}]: [${NETWORK_SRC_IP_IDX[${key}]}]"
done | sort -n
echo
echo "NETWORK_SRC_TAB:"
for key in "${!NETWORK_SRC_TAB[@]}"
do
echo "[${key}]: [${NETWORK_SRC_TAB[${key}]}]"
done | sort -n
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# network_src_tab_ip_lookup
#--------------------------------------------------------------------------------------------------------------------------
network_src_tab_ip_lookup()
{
src_ip="$1"
src_id=${NETWORK_SRC_IP_IDX["${src_ip}"]}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_tab_load
#--------------------------------------------------------------------------------------------------------------------------
network_tab_load()
{
dns_tab_load
network_common_load
network_dst_tab_load
network_src_tab_load
dns_tab_save
}
#--------------------------------------------------------------------------------------------------------------------------
# network_tab_dump
#--------------------------------------------------------------------------------------------------------------------------
network_tab_dump()
{
dns_tab_dump
network_common_dump
network_dst_tab_dump
network_src_tab_dump
}
#--------------------------------------------------------------------------------------------------------------------------
# network_table_init
#--------------------------------------------------------------------------------------------------------------------------
network_table_init()
{
${LOG} "Add Rx3 routes in VPN tables"
for table in ${TABLE_LIST}
do
for route in ${IP_ROUTE}
do
${DEBUG} ip route add ${route/:*/} table ${table} dev ${route/*:/}
done
done
${LOG} "Copy main default rule into table 3 (VPN Local routing table)"
if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
then
${DEBUG} ip route add $(ip route list match 0.0.0.0 table main) table 3
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# network_table_deinit
#--------------------------------------------------------------------------------------------------------------------------
network_table_deinit()
{
${LOG} "Remove default route in table 3"
${DEBUG} ip route del default table 3
${LOG} "Remove Rx3 routes in VPN tables"
for table in ${TABLE_LIST}
do
for route in ${IP_ROUTE}
do
${DEBUG} ip route del ${route/:*/} table ${table} dev ${route/*:/} 2>/dev/null
done
done
}
#--------------------------------------------------------------------------------------------------------------------------
# network_table_set
#--------------------------------------------------------------------------------------------------------------------------
network_table_set()
{
nts_ip=$1
nts_table=$2
network_src_tab_ip_lookup "${nts_ip}"
if [[ "${src_id}" == "" ]]
then
err_echo "IP not found: [${nts_ip}]!"
return 1
fi
if [[ " ${NETWORK_TABLE_LIST} " != *" ${nts_table} "* ]]
then
err_echo "Table not found: [${nts_table}]!"
return 1
fi
tab_assign NETWORK_SRC_TAB "${src_id},Table" "${ts_table}"
${DEBUG} sed "/^NETWORK_SRC_CONFIG=\"/,/^\"/ { s/^\(${nts_ip//./\\.}[[:space:]]\+\([^\t ]\+[[:space:]]\+\)\{2\}\)[^[:space:]]\+/\1${nts_table}/ }" -i ${NETWORK_CONFIG_FILE}
${DEBUG} ip rule del from ${nts_ip} 2>/dev/null
${DEBUG} ip rule add from ${nts_ip} table ${nts_table}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_forward_add
#--------------------------------------------------------------------------------------------------------------------------
network_forward_add()
{
nfa_ip=$1
nfa_port_start=$2
nfa_port_end=$3
${DEBUG} iptables -t nat -A PREROUTING-VPN -p tcp -m tcp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
${DEBUG} iptables -t nat -A PREROUTING-VPN -p udp -m udp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_forward_remove
#--------------------------------------------------------------------------------------------------------------------------
network_forward_remove()
{
nfr_ip=$1
nfr_port_start=$2
nfr_port_end=$3
${DEBUG} iptables -t nat -D PREROUTING-VPN -p tcp -m tcp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
${DEBUG} iptables -t nat -D PREROUTING-VPN -p udp -m udp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
}
#--------------------------------------------------------------------------------------------------------------------------
# network_forward_start
#--------------------------------------------------------------------------------------------------------------------------
network_forward_start()
{
${LOG} "Create VPN forward chain"
${DEBUG} iptables -t nat -N PREROUTING-VPN
${LOG} "Add jump rule for VPN"
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get ${dst_id}
if [[ "${dst_type}" != "0" ]]
then
${DEBUG} iptables -t nat -A PREROUTING -i ${dst_device} -j PREROUTING-VPN
fi
done
${LOG} "Add VPN client addresse rules"
for src_id in ${NETWORK_SRC_ID_LIST}
do
network_src_tab_get ${src_id}
${DEBUG} ip rule add from ${src_ip} table ${src_table}
if [[ "${src_port_range}" != "0" ]]
then
network_forward_add "${src_ip}" "${src_port_start}" "${src_port_end}"
fi
done
}
#--------------------------------------------------------------------------------------------------------------------------
# network_forward_stop
#--------------------------------------------------------------------------------------------------------------------------
network_forward_stop()
{
${LOG} "Remove VPN client addresse rules"
for src_id in ${NETWORK_SRC_ID_LIST}
do
network_src_tab_get ${src_id}
${DEBUG} ip rule del from ${src_ip} 2>/dev/null
if [[ "${src_port_range}" != "0" ]]
then
network_forward_remove "${src_ip}" "${src_port_start}" "${src_port_end}"
fi
done
${LOG} "Remove Jump rule for VPN"
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get ${dst_id}
if [[ "${dst_type}" != "0" ]]
then
${DEBUG} iptables -t nat -D PREROUTING -i ${dst_device} -j PREROUTING-VPN
fi
done
${LOG} "Delete VPN forward chain"
${DEBUG} iptables -t nat -X PREROUTING-VPN
}
#--------------------------------------------------------------------------------------------------------------------------
# network_status
#--------------------------------------------------------------------------------------------------------------------------
network_status()
{
echo "Rules:"
ip rule show
echo
if [[ "${NETWORK_TABLE_LIST}" == "" ]]
then
echo "Network table list empty"
echo
else
for table in ${NETWORK_TABLE_LIST}
do
echo "Table ${table}:"
ip route list table ${table}
echo
done
fi
echo "Forward:"
iptables -t nat -L PREROUTING -v -n
echo
iptables -t nat -L PREROUTING-VPN -v -n
}